DETAILED ACTION

1. Applicant's amendment filed on October 12, 2005 has been entered. Claims 1-8,
10-12, 14-20 are pending. Claims 9 and 13 are cancelled by the applicant and claims 1,
6, 7, 8, 10, 11, 17-20 are also amended by the applicant.

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 1, 6-8, 10-12, 14-19 and 20 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Martherus et al (US Pub No. 2002/0112155) and in view of Guski et
al (US Patent No. 5,592,553).

As per claim 1, Martherus teaches:
authentication authority means to serve as a Web services powerhouse to authenticate 
user identity [Fig. 1 component 34 paragraph 0083 lines 3-4], 

gateway authority means to serve as a gateway to delegate (forward) said 
authentication authority Web services to said authentication authority means [Fig. 1 
component 28, paragraph 0189 lines 16-17], 

authentication client means to serve as an end-user device [Fig. 1 component 12],

authentication handler means to serve as a doorkeeper to protect resources of business
entities using said authentication authority Web services [Fig. 1 component 18, 
paragraph 0076 lines 2-4], 

means comprising: 

transmitting from said authentication client means to said authentication handler means 
[Fig. 1 paragraph 0088 lines 10-12], 

composing authentication requests by said authentication handler means, and 
transmitting said authentication requests from said authentication handler means to 
means selected from the group consisting of said gateway authority means and said 
authentication authority means [Fig. 1 paragraph 0088 line 12 paragraph 0082], 
processing said authentication requests by said gateway authority means, and 
redirecting said authentication requests from said gateway authority means to said 
authentication authority means [Fig. 1 paragraph 0088 lines 12, 16-17], 
generating authentication responses by said authentication authority means, and 
transmitting said authentication responses back to said authentication handler means 
[Fig. 1 paragraph 0088 lines 32-34], 

whereby a scalable and distributable system to authenticate and validate said user 
identity will be provided [paragraph 0088 28-32 paragraph 0083 lines 3-4], 
whereby the authentication system can be used as an ID verification system for said 
business entities to verify said user identity over a channel selected from the group 
consisting of the Internet, phone and other communication means [Fig. 1 paragraph 
0013 lines 11-12].

Martherus teaches technology for authenticating user and user access
requests for protected resource. Martherus doesn't expressly mention that end-user
device generates the one-time identity codes.

However, Guski teaches that end-user device generates the one-time 
identity codes [col. 6 lines 35-37 Fig. 3, Fig. 2]. 

Therefore, it would have been obvious to a person of ordinary skill in the 
art at the time the invention was made to incorporate the teaching of Guski into the 
teaching of Martherus to generate one-time identity codes. The modification would be
obvious because one of ordinary skill in the art would be motivated to prevent 
unauthorized access to system resources by using the intercepted passwords together 
with nonsecret information as a user ID [Guski, col. 1 lines 25-28]. 

As per claim 6, the rejection of claim 1 is incorporated and Martherus teaches:

gateway authority means and said authentication authority means contain means
comprising the use of Web services technology to be separated and placed in the
Internet accessible environment to become said scalable and distributable system [Fig. 1].

As per claim 7, the rejection of claim 1 is incorporated and Martherus teaches:

said authentication authority means contain means comprising the use
of Web services technology to register and manage said user identity, said 
authentication client means identity, said user private identity, and associated vital 
information [Fig. 1 paragraph 0084 lines 1-4, paragraph 0085 lines 1-5, paragraph 
0073 lines 1-9]. 

As per claim 8, the rejection of claim 1 is incorporated. In addition,
Martherus teaches the authentication authority [Fig. 1, component 34] that
authenticates the user and establishes and/or manages identity profile [paragraph
0085]. Martherus doesn't expressly mention generating the one-time identity
codes.

However, Guski teaches generating the one-time identity codes [col.
6 lines 42-44 Fig. 3, Fig. 2].

Therefore, it would have been obvious to a person of ordinary skill in the 
art at the time the invention was made to incorporate the teaching of Guski into the 
teaching of Martherus to generate one-time identity codes. The modification would be
obvious because one of ordinary skill in the art would be motivated to prevent
unauthorized access to system resources by using the intercepted passwords together
with nonsecret information as a user ID [Guski, col. 1 lines 25-28].

As per claim 10, the rejection of claim 1 is incorporated and Martherus teaches:

said authentication responses generated by said authentication authority means contain 
means comprising the use of Web services technology to inform said authentication 
handler said user identity [Fig. 1 paragraph 0088 32-34]. 

As per claim 11, the rejection of claim 1 is incorporated. Martherus
teaches the technology for authenticating user using Web service [Fig. 1]. Martherus
doesn't expressly mention the synchronization codes.

However, Guski teaches generating synchronization codes and
conducting synchronization [Fig. 3, col. 3 lines 28-32].

Therefore, it would have been obvious to a person of ordinary skill in the 
art at the time the invention was made to incorporate the teaching of Guski into the 
teaching of Martherus to generate one-time identity codes. The modification would be
obvious because one of ordinary skill in the art would be motivated to prevent 
unauthorized access to system resources by using the intercepted passwords together 
with nonsecret information as a user ID [Guski, col. 1 lines 25-28]. 

As per claim 12, the rejection of claim 11 is incorporated and Guski teaches:

said synchronization codes are arranged to be generated by math functions comprising 
hash, power and modular math operators, wherein said math functions are arranged to 
use said user identity, said authentication client identity, and said user private identity as
the input information [Fig. 4 col. 7 lines 45-57]. 

As per claim 14, the rejection of claim 11 is incorporated and Guski teaches:

said authentication authority means and said authentication client means contain means 
to generate confirmation codes to verify the success of said synchronization [Fig. 3, 4, 6 
col. 7 lines 1-3]. 

As per claim 15, the rejection of claim 1 is incorporated and Guski teaches:

said authentication authority means and said authentication client means contain means 
to independently generate non-predictable sequence number which is an essential part 
for producing said one-time identity codes [Fig. 4, 6 col. 9 lines 1-8, 22-27]. 

As per claim 16, the rejection of claim 15 is incorporated and it
encompasses limitations that are similar to limitations of claim 12. Thus, it is rejected 
with the same rationale applied against claim 12 above. 



As per claim 17, the rejection of claims 7, 12 and 16 are incorporated and
Martherus teaches user private identity comprises said user's biometric identity and
other shared secret information [paragraph 0085, paragraph 0099 lines 11-12]. In
addition, Guski teaches that user identity [col. 6 lines 29-34].

As per claim 18, the rejection of claim 1 is incorporated and Martherus teaches:

said authentication client means contain means comprising the use of Web services 
technology to be incorporated in a portable, hand-held device [paragraph 0013 lines 
10-12]. 

As per claim 19, the rejection of claim 1 is incorporated and Martherus teaches:

said authentication handler means is arranged to be executed on said business entities' 
computers which support the use of Web service technology [Fig. 1 component 18]. 

As per claim 20, the rejection of claim 1 is incorporated and Martherus teaches:

said authentication handler means contain means to receive and process said user 
logon request, compose and submit authentication request to said authentication 
authority means, process and validate returned authentication response from said 
authentication authority means, and grant permission for said user to log onto said 
business entities' computer [Fig. 1 paragraph 0088].

3. Claims 2, 3, 4 and 5 are rejected under 35 USC 103 (a) for being unpatentable
over Martherus et al (US Pub No. 2002/0112155) and in view of Guski et al (US Patent 
No. 5,592,553) and further in view of Brown et al (US Pub No. 2002/0169988, L. 
Brown). 

As per claim 2, the rejection of claim 1 is incorporated and L. Brown teaches:

gateway authority means contain means to interact with other entities of said gateway 
authority means, and publish said authentication authority Web services to Web service 
industry's registries [page 2 paragraph 0025, Fig. 1 "Service providers 11 host a 
network accessible software module. A service provider defines a service 
description for a Web service and publishes it to a service registry 13"]. 

Therefore, it would have been obvious to a person of ordinary skill in the 
art at the time the invention was made to incorporate the teaching of L. Brown into the 
teaching of Martherus and Guski that use Web services to publish and discover the 
information. The modification would be obvious because one of ordinary skill in the art 
would be motivated to use Web services because Web services offers the dual promise 
of simplicity and pervasiveness. Web services are based on the Extensible Markup
Language (XML) standard data format and data exchange mechanisms, which provide 
both flexibility and platform independence [L. Brown, page 1 paragraph 0002, 0006].

As per claim 3, the rejection of claim 2 is incorporated and further L.
Brown teaches:

gateway authority means are arranged to use Web Services Description Language 
(WSDL) to publish said authentication authority Web services, and use Universal 
Description, Discovery and Integration (UDDI) standard to discover said authentication 
authority Web services published by other said gateway authority entities [page 3 
paragraph 0032, 0034 "The logical interface and the service implementation are 
described by the Web Services Description Language (WSDL). WSDL is an XML
vocabulary used to automate the details involved in communicating between Web
services applications. Referring back to FIG. 1, the service can be publicized by
being registered in a standard-format web registry 13. This registry makes it 
possible for other people or applications to find and use the service. For 
example, one can publish descriptive information, such as taxonomy, ownership, 
business name, business type and so on, via a registry that adheres to the 
Uniform Description, Discovery and Integration (UDDI) specification or into some 
other XML registry"]. 

As per claim 4, the rejection of claim 1 is incorporated. Martherus teaches
the Hypertext Transport Protocol (HTTP) and Secure Socket Layer (SSL) [Fig. 1, 
paragraph 0077, 0082] and further L. Brown teaches: 

authentication authority means, said authentication handler means, and said 
authentication client means are arranged to use Simple Object Access Protocol (SOAP) 
to communicate, and use Hypertext Transport Protocol (HTTP) packets to transmit data
over Secure Socket Layer (SSL) [page 3 paragraph 0043 "The SOAP security
extension included with WebSphere Application Server 4.0 is intended to be a
security architecture based on the SOAP Security specification, and on
widely-accepted security technologies such as secure socket layer (SSL). When using
HTTP as the transport mechanism, there are different ways to combine HTTP 
basic authentication, SSL, and SOAP signatures to handle varying needs of 
security and authentication"]. 

As per claim 5, the rejection of claim 4 is incorporated and further L.
Brown teaches:

Data contains means to be transmitted by using File Transport Protocol (FTP) and 
Simple Mail Transport Protocol (SMTP) [page 3 paragraph 0031 "it is possible to 
send SOAP messages over IBM MQSeries®, FTP or even as mail messages"]. 

Response to Arguments 

4. Applicant's amendment filed on October 12, 2005 has been fully considered and 
is persuasive. Therefore, the rejection has been withdrawn. However, upon further 
consideration, a new ground(s) of rejection is made in view of Martherus et al and 
Guski et al.

Conclusion

5. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Zhang et al (US 6,253,327) discloses a method and apparatus for 
providing single-step logon access for a subscriber to a differentiated computer network 
having more than one separate access area. 

Wood et al (US 6,944,761) discloses a security architecture in which a single
sign-on is provided for multiple information resources.

Nadooshan (US 6,61,182) discloses a centralized token generating server.

Yatsukawa (US 6,148,404) — Authentication System using Authentication 
information valid one-time.

Audebert et al (US 2002/0194499) discloses a data processing method, 
system and apparatus for using an intelligent portable device. 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Nirav Patel whose telephone number is
571-272-5936. The examiner can normally be reached on 8 am - 4:30 pm (M-F).

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Kim Vu can be reached on 571-272-3859. The fax phone 
number for the organization where this application or proceeding is assigned is 571-



the Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 